Web lists-archives.com

Re: [Samba] Computer Management - Share Security - No Read Access





On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
> On Tue, 19 Feb 2019 16:13:27 -0500
> Marco Shmerykowsky <marco@xxxxxxxxxxxxxxxxx> wrote:
>
>>
>> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> > On Tue, 19 Feb 2019 15:25:51 -0500
>>
>> >> What exactly does "START AGAIN" imply? Just chmod?
>> >
>> > 'ls' shows the correct ownership and Unix permissions:
>> >
>> > drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
>> > programs
>> >
>> > But 'getfacl' show something different:
>> >
>> > getfacl: Removing leading '/' from absolute path names
>> > # file: server
>> > # owner: root
>> > # group: root
>> > user::rwx
>> > group::r-x
>> > other::r-x
>> >
>> > So what I am suggesting is that you use 'setfacl' to remove the
>> > extended ACL's, it is the only thing I can see different between
>> > my working system and your non-working system
>> >
>> > Rowland
>>
>> root@machine253:/server# setfacl -b /server/users
>>
>> root@machine253:/server# chmod 0770 /server/programs
>> root@machine253:/server# ls -l
>> total 20
>> drwxrwx--- 4 root          domain admins 4096 Feb 17 19:13 programs
>>
>>
>> root@machine253:/server# getfacl /server/programs
>> getfacl: Removing leading '/' from absolute path names
>> # file: server/programs
>> # owner: root
>> # group: domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>>
>> No Change
>
> When you say 'No Change' I take it you mean that it is still not
> working from Windows, because there is a change on the Unix side,
> 'Domain Admins' now has the required Unix permissions.

Correct.  In Computer Manager I can not access anything on the
share except for the share permissions.

I've also been trying to create "user directory" using %LogonUser%
via a group profile.  That deosn't seem to be working, but I don't
know if it's related.
>
> One other thing, I cannot remember asking if Apparmor or Selinux is
> installed and enabled.
>
> Rowland

I tried sestatus and apparmor_status and bith returned 'command not
found'
so I assume they're not running.  I installed Debian 9 from the LiveCD
with the cinnamon desktop.

OK, it is late here, but just in case something has changed, I will set
up a new Debian 9 VM tommorrow, install the distro Samba Packages and
follow the Samba wiki page.

Can you confirm that you are using Samba from Debian 9.
You seem to be using '/server' as the shared directory, is this
correct ?
What Windows version are you using ? (I know you may have already said,
but it saves me looking it up)

Rowland

Debian 9 -> uname -r -> 4.9.0-8-686

This is the iso I used: https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-9.8.0-amd64-cinnamon.iso

Windows 10 (version 1803)

The file directory for the various shares is '/server'

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba